<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1" />
<title>AppEngineSecurityCheck xref</title>
<link type="text/css" rel="stylesheet" href="../../../../stylesheet.css" />
</head>
<body>
<pre>

<a name="1" href="#1">1</a>   <strong class="jxr_keyword">package</strong> name.pehl.taoki.security;
<a name="2" href="#2">2</a>   
<a name="3" href="#3">3</a>   <strong class="jxr_keyword">import</strong> org.restlet.Request;
<a name="4" href="#4">4</a>   <strong class="jxr_keyword">import</strong> org.restlet.Response;
<a name="5" href="#5">5</a>   <strong class="jxr_keyword">import</strong> org.restlet.data.Cookie;
<a name="6" href="#6">6</a>   <strong class="jxr_keyword">import</strong> org.restlet.util.Series;
<a name="7" href="#7">7</a>   
<a name="8" href="#8">8</a>   <strong class="jxr_keyword">import</strong> com.google.appengine.api.users.User;
<a name="9" href="#9">9</a>   <strong class="jxr_keyword">import</strong> com.google.appengine.api.users.UserService;
<a name="10" href="#10">10</a>  <strong class="jxr_keyword">import</strong> com.google.appengine.api.users.UserServiceFactory;
<a name="11" href="#11">11</a>  
<a name="12" href="#12">12</a>  <em class="jxr_javadoccomment">/**</em>
    <em class="jxr_javadoccomment"> * SecurityCheck implementation for App Engine. A request passes only when a</em>
    <em class="jxr_javadoccomment"> * user is signed in and the request's "token" attribute equals the value of</em>
    <em class="jxr_javadoccomment"> * the "ACSID" cookie sent with the same request.</em>
    <em class="jxr_javadoccomment"> *</em>
    <em class="jxr_javadoccomment"> * NOTE(review): the expected token is the cookie value itself, so whatever</em>
    <em class="jxr_javadoccomment"> * transports the token (not visible in this file) also transports the cookie</em>
    <em class="jxr_javadoccomment"> * value. Presumably ACSID is the App Engine session cookie; if so, a token</em>
    <em class="jxr_javadoccomment"> * derived from it (for example a keyed hash) would keep the cookie value out</em>
    <em class="jxr_javadoccomment"> * of URLs and logs. Confirm against the callers.</em>
    <em class="jxr_javadoccomment"> *</em>
    <em class="jxr_javadoccomment"> * NOTE(review): on HTTPS App Engine is understood to issue this cookie under</em>
    <em class="jxr_javadoccomment"> * the name SACSID; only ACSID is looked up here. Verify for the deployment.</em>
    <em class="jxr_javadoccomment"> *</em>
<a name="13" href="#13">13</a>  <em class="jxr_javadoccomment"> * @author $LastChangedBy:$</em>
<a name="14" href="#14">14</a>  <em class="jxr_javadoccomment"> * @version $LastChangedRevision:$</em>
<a name="15" href="#15">15</a>  <em class="jxr_javadoccomment"> */</em>
<a name="16" href="#16">16</a>  <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">class</strong> <a href="../../../../name/pehl/taoki/security/AppEngineSecurityCheck.html">AppEngineSecurityCheck</a> implements <a href="../../../../name/pehl/taoki/security/SecurityCheck.html">SecurityCheck</a>
<a name="17" href="#17">17</a>  {
        // Key under which the caller-supplied token is looked up in the request attributes.
<a name="18" href="#18">18</a>      <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String TOKEN_ATTRIBUTE = <span class="jxr_string">"token"</span>;
        // Name of the cookie whose value the token is compared against.
<a name="19" href="#19">19</a>      <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String APPENGINE_COOKIE = <span class="jxr_string">"ACSID"</span>;
<a name="20" href="#20">20</a>  
<a name="21" href="#21">21</a>  
        /**
         * Rejects the request unless a user is signed in and a matching token is present.
         *
         * @param request  request whose "token" attribute, cookies and host are inspected
         * @param response not used by this implementation
         * @throws SecurityException if no user is signed in, if the token is missing or
         *         empty, or if the token differs from the cookie value and the request
         *         host is not "localhost"
         */
<a name="22" href="#22">22</a>      @Override
<a name="23" href="#23">23</a>      <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> check(Request request, Response response) <strong class="jxr_keyword">throws</strong> SecurityException
<a name="24" href="#24">24</a>      {
            // Step 1: a signed-in user is required; a null user ends the check here.
<a name="25" href="#25">25</a>          UserService userService = UserServiceFactory.getUserService();
<a name="26" href="#26">26</a>          User user = userService.getCurrentUser();
<a name="27" href="#27">27</a>          <strong class="jxr_keyword">if</strong> (user == <strong class="jxr_keyword">null</strong>)
<a name="28" href="#28">28</a>          {
<a name="29" href="#29">29</a>              <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../name/pehl/taoki/security/SecurityException.html">SecurityException</a>(<span class="jxr_string">"No user"</span>);
<a name="30" href="#30">30</a>          }
<a name="31" href="#31">31</a>  
            // Step 2: the token must be present and non-empty. It is read from the
            // request attributes; where it is placed there is not shown in this file.
            // NOTE(review): the cast assumes the attribute is always a String - confirm.
<a name="32" href="#32">32</a>          String token = (String) request.getAttributes().get(TOKEN_ATTRIBUTE);
<a name="33" href="#33">33</a>          <strong class="jxr_keyword">if</strong> (token == <strong class="jxr_keyword">null</strong> || token.length() == 0)
<a name="34" href="#34">34</a>          {
<a name="35" href="#35">35</a>              <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../name/pehl/taoki/security/SecurityException.html">SecurityException</a>(<span class="jxr_string">"No security token"</span>);
<a name="36" href="#36">36</a>          }
<a name="37" href="#37">37</a>  
            // Step 3: the token must equal the cookie value. A missing cookie gives a
            // null sessionId, which never equals the token, so it is rejected as invalid.
            // NOTE(review): the comparison is skipped whenever the host part of the
            // request reference is "localhost". That value is presumably built from the
            // request URI / Host header, so the skip depends on request data; keying it
            // on the runtime environment would not. Confirm the intent (local testing?).
            // NOTE(review): String.equals is not a constant-time comparison.
<a name="38" href="#38">38</a>          String sessionId = findSessionId(request);
<a name="39" href="#39">39</a>          String serverName = request.getResourceRef().getHostDomain();
<a name="40" href="#40">40</a>          <strong class="jxr_keyword">if</strong> (!(<span class="jxr_string">"localhost"</span>.equals(serverName)) &amp;&amp; !(token.equals(sessionId)))
<a name="41" href="#41">41</a>          {
<a name="42" href="#42">42</a>              <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../name/pehl/taoki/security/SecurityException.html">SecurityException</a>(<span class="jxr_string">"Invalid security token"</span>);
<a name="43" href="#43">43</a>          }
<a name="44" href="#44">44</a>      }
<a name="45" href="#45">45</a>  
<a name="46" href="#46">46</a>  
        /**
         * Returns the value of the first cookie named "ACSID" on the request.
         *
         * @param request request whose cookies are searched
         * @return the cookie value, or null when the request carries no such cookie
         */
<a name="47" href="#47">47</a>      <strong class="jxr_keyword">private</strong> String findSessionId(Request request)
<a name="48" href="#48">48</a>      {
<a name="49" href="#49">49</a>          String result = <strong class="jxr_keyword">null</strong>;
<a name="50" href="#50">50</a>          Series&lt;Cookie&gt; cookies = request.getCookies();
<a name="51" href="#51">51</a>          <strong class="jxr_keyword">for</strong> (Cookie cookie : cookies)
<a name="52" href="#52">52</a>          {
<a name="53" href="#53">53</a>              <strong class="jxr_keyword">if</strong> (APPENGINE_COOKIE.equals(cookie.getName()))
<a name="54" href="#54">54</a>              {
                    // First match wins; any later cookie with the same name is ignored.
<a name="55" href="#55">55</a>                  result = cookie.getValue();
<a name="56" href="#56">56</a>                  <strong class="jxr_keyword">break</strong>;
<a name="57" href="#57">57</a>              }
<a name="58" href="#58">58</a>          }
<a name="59" href="#59">59</a>          <strong class="jxr_keyword">return</strong> result;
<a name="60" href="#60">60</a>      }
<a name="61" href="#61">61</a>  }
</pre>
</body>
</html>

